Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Project: Bank

Dependency | CPE | GAV | Highest Severity | CVE Count | CPE Confidence | Evidence Count
accessors-smart-1.1.jar | | net.minidev:accessors-smart:1.1 | | 0 | | 15
activation-1.1.jar | | javax.activation:activation:1.1 | | 0 | | 19
android-json-0.0.20131108.vaadin1.jar | cpe:/a:google:android:0.0.201311 | com.vaadin.external.google:android-json:0.0.20131108.vaadin1 | High | 5 | LOW | 17
antlr-2.7.7.jar | | antlr:antlr:2.7.7 | | 0 | | 12
asm-5.0.3.jar | | org.ow2.asm:asm:5.0.3 | | 0 | | 20
aspectjweaver-1.8.10.jar | | org.aspectj:aspectjweaver:1.8.10 | | 0 | | 19
assertj-core-2.6.0.jar | | org.assertj:assertj-core:2.6.0 | | 0 | | 20
automaton-1.11-8.jar | | dk.brics.automaton:automaton:1.11-8 | | 0 | | 8
bcpkix-jdk15on-1.56.jar | | org.bouncycastle:bcpkix-jdk15on:1.56 | | 0 | | 26
bcprov-jdk15on-1.56.jar | cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.56, cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.56 | org.bouncycastle:bcprov-jdk15on:1.56 | | 0 | LOW | 26
classmate-1.3.3.jar | | com.fasterxml:classmate:1.3.3 | | 0 | | 26
crash.cli-1.3.2.jar | | org.crashub:crash.cli:1.3.2 | | 0 | | 15
crash.connectors.ssh-1.3.2.jar | | org.crashub:crash.connectors.ssh:1.3.2 | | 0 | | 15
crash.embed.spring-1.3.2.jar | | org.crashub:crash.embed.spring:1.3.2 | | 0 | | 14
crash.plugins.cron-1.3.2.jar | | org.crashub:crash.plugins.cron:1.3.2 | | 0 | | 14
crash.plugins.mail-1.3.2.jar | | org.crashub:crash.plugins.mail:1.3.2 | | 0 | | 14
crash.shell-1.3.2.jar | | org.crashub:crash.shell:1.3.2 | | 0 | | 13
crash.shell-1.3.2.jar: jansi.dll | | | | 0 | | 1
crash.shell-1.3.2.jar: jansi.dll | | | | 0 | | 1
cron4j-2.2.5.jar | | it.sauronsoftware.cron4j:cron4j:2.2.5 | | 0 | | 14
dom4j-1.6.1.jar | | dom4j:dom4j:1.6.1 | | 0 | | 19
generex-1.0.2.jar | | com.github.mifmif:generex:1.0.2 | | 0 | | 16
groovy-2.4.10.jar | cpe:/a:apache:groovy:2.4.10 | org.codehaus.groovy:groovy:2.4.10 | Medium | 1 | LOW | 24
guava-20.0.jar | | com.google.guava:guava:20.0 | | 0 | | 17
hamcrest-core-1.3.jar | | org.hamcrest:hamcrest-core:1.3 | | 0 | | 17
hamcrest-library-1.3.jar | | org.hamcrest:hamcrest-library:1.3 | | 0 | | 17
hibernate-commons-annotations-5.0.1.Final.jar | | org.hibernate.common:hibernate-commons-annotations:5.0.1.Final | | 0 | | 22
hibernate-core-5.0.12.Final.jar | | org.hibernate:hibernate-core:5.0.12.Final | | 0 | | 23
hibernate-entitymanager-5.0.12.Final.jar | | org.hibernate:hibernate-entitymanager:5.0.12.Final | | 0 | | 24
hibernate-jpa-2.1-api-1.0.0.Final.jar | | org.hibernate.javax.persistence:hibernate-jpa-2.1-api:1.0.0.Final | | 0 | | 18
hibernate-validator-5.3.5.Final.jar | cpe:/a:hibernate:hibernate_validator:5.3.5 | org.hibernate:hibernate-validator:5.3.5.Final | | 0 | LOW | 22
jackson-annotations-2.8.0.jar | cpe:/a:fasterxml:jackson:2.8.0 | com.fasterxml.jackson.core:jackson-annotations:2.8.0 | Medium | 1 | LOW | 25
jackson-core-2.8.8.jar | cpe:/a:fasterxml:jackson:2.8.8 | com.fasterxml.jackson.core:jackson-core:2.8.8 | Medium | 1 | LOW | 25
jandex-2.0.0.Final.jar | | org.jboss:jandex:2.0.0.Final | | 0 | | 25
javassist-3.21.0-GA.jar | | org.javassist:javassist:3.21.0-GA | | 0 | | 18
javax.mail-1.5.6.jar | cpe:/a:sun:javamail:1.5.6 | com.sun.mail:javax.mail:1.5.6 | | 0 | LOW | 25
javax.transaction-api-1.2.jar | | javax.transaction:javax.transaction-api:1.2 | | 0 | | 23
jboss-logging-3.3.1.Final.jar | | org.jboss.logging:jboss-logging:3.3.1.Final | | 0 | | 27
jcl-over-slf4j-1.7.25.jar | | org.slf4j:jcl-over-slf4j:1.7.25 | | 0 | | 19
jpam-1.1.jar | | net.sf.jpam:jpam:1.1 | | 0 | | 14
json-path-2.2.0.jar | | com.jayway.jsonpath:json-path:2.2.0 | | 0 | | 19
json-smart-2.2.1.jar | | net.minidev:json-smart:2.2.1 | | 0 | | 17
jsonassert-1.4.0.jar | | org.skyscreamer:jsonassert:1.4.0 | | 0 | | 13
jul-to-slf4j-1.7.25.jar | | org.slf4j:jul-to-slf4j:1.7.25 | | 0 | | 18
junit-4.12.jar | | junit:junit:4.12 | | 0 | | 17
log4j-over-slf4j-1.7.25.jar | | org.slf4j:log4j-over-slf4j:1.7.25 | | 0 | | 19
logback-core-1.1.11.jar | cpe:/a:logback:logback:1.1.11 | ch.qos.logback:logback-core:1.1.11 | | 0 | LOW | 18
mina-core-2.0.7.jar | | org.apache.mina:mina-core:2.0.7 | | 0 | | 15
mockito-core-1.10.19.jar | | org.mockito:mockito-core:1.10.19 | | 0 | | 14
mysql-connector-java-5.1.41.jar | cpe:/a:mysql:mysql:5.1.41 | mysql:mysql-connector-java:5.1.41 | High | 98 | HIGHEST | 23
objenesis-2.1.jar | | org.objenesis:objenesis:2.1 | | 0 | | 24
slf4j-api-1.7.25.jar | | org.slf4j:slf4j-api:1.7.25 | | 0 | | 19
slf4j-nop-1.7.25.jar | | org.slf4j:slf4j-nop:1.7.25 | | 0 | | 19
snakeyaml-1.17.jar | | org.yaml:snakeyaml:1.17 | | 0 | | 16
spring-aop-4.3.8.RELEASE.jar | | org.springframework:spring-aop:4.3.8.RELEASE | | 0 | | 15
spring-aspects-4.3.8.RELEASE.jar | | org.springframework:spring-aspects:4.3.8.RELEASE | | 0 | | 15
spring-beans-4.3.8.RELEASE.jar | | org.springframework:spring-beans:4.3.8.RELEASE | | 0 | | 16
spring-boot-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot:1.5.3.RELEASE | | 0 | | 20
spring-boot-actuator-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-actuator:1.5.3.RELEASE | | 0 | | 20
spring-boot-autoconfigure-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-autoconfigure:1.5.3.RELEASE | | 0 | | 20
spring-boot-starter-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-starter:1.5.3.RELEASE | | 0 | | 20
spring-boot-starter-actuator-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-starter-actuator:1.5.3.RELEASE | | 0 | | 20
spring-boot-starter-aop-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-starter-aop:1.5.3.RELEASE | | 0 | | 20
spring-boot-starter-data-jpa-1.5.3.RELEASE.jar | cpe:/a:pivotal_software:spring_data_jpa:1.5.3 | org.springframework.boot:spring-boot-starter-data-jpa:1.5.3.RELEASE | Medium | 1 | LOW | 20
spring-boot-starter-jdbc-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-starter-jdbc:1.5.3.RELEASE | | 0 | | 20
spring-boot-starter-logging-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-starter-logging:1.5.3.RELEASE | | 0 | | 20
spring-boot-starter-mail-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-starter-mail:1.5.3.RELEASE | | 0 | | 20
spring-boot-starter-remote-shell-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-starter-remote-shell:1.5.3.RELEASE | | 0 | | 20
spring-boot-starter-security-1.5.3.RELEASE.jar | cpe:/a:pivotal_software:spring_security:1.5.3 | org.springframework.boot:spring-boot-starter-security:1.5.3.RELEASE | | 0 | LOW | 20
spring-boot-starter-test-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-starter-test:1.5.3.RELEASE | | 0 | | 20
spring-boot-starter-tomcat-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-starter-tomcat:1.5.3.RELEASE | | 0 | | 20
spring-boot-starter-web-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-starter-web:1.5.3.RELEASE | | 0 | | 20
spring-boot-starter-web-services-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-starter-web-services:1.5.3.RELEASE | | 0 | | 20
spring-boot-test-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-test:1.5.3.RELEASE | | 0 | | 20
spring-boot-test-autoconfigure-1.5.3.RELEASE.jar | | org.springframework.boot:spring-boot-test-autoconfigure:1.5.3.RELEASE | | 0 | | 20
spring-context-4.3.8.RELEASE.jar | | org.springframework:spring-context:4.3.8.RELEASE | | 0 | | 14
spring-context-support-4.3.8.RELEASE.jar | cpe:/a:context_project:context:4.3.8 | org.springframework:spring-context-support:4.3.8.RELEASE | | 0 | LOW | 15
spring-core-4.3.8.RELEASE.jar | cpe:/a:pivotal:spring_framework:4.3.8, cpe:/a:pivotal_software:spring_framework:4.3.8, cpe:/a:springsource:spring_framework:4.3.8, cpe:/a:vmware:springsource_spring_framework:4.3.8 | org.springframework:spring-core:4.3.8.RELEASE | | 0 | LOW | 19
spring-data-commons-1.13.3.RELEASE.jar | | org.springframework.data:spring-data-commons:1.13.3.RELEASE | | 0 | | 16
spring-data-jpa-1.11.3.RELEASE.jar | | org.springframework.data:spring-data-jpa:1.11.3.RELEASE | | 0 | | 18
spring-expression-4.3.8.RELEASE.jar | | org.springframework:spring-expression:4.3.8.RELEASE | | 0 | | 16
spring-jdbc-4.3.8.RELEASE.jar | | org.springframework:spring-jdbc:4.3.8.RELEASE | | 0 | | 15
spring-orm-4.3.8.RELEASE.jar | | org.springframework:spring-orm:4.3.8.RELEASE | | 0 | | 15
spring-oxm-4.3.8.RELEASE.jar | | org.springframework:spring-oxm:4.3.8.RELEASE | | 0 | | 15
spring-security-config-4.2.2.RELEASE.jar | | org.springframework.security:spring-security-config:4.2.2.RELEASE | | 0 | | 17
spring-security-core-4.2.2.RELEASE.jar | | org.springframework.security:spring-security-core:4.2.2.RELEASE | | 0 | | 15
spring-security-web-4.2.2.RELEASE.jar | | org.springframework.security:spring-security-web:4.2.2.RELEASE | | 0 | | 16
spring-test-4.3.8.RELEASE.jar | | org.springframework:spring-test:4.3.8.RELEASE | | 0 | | 16
spring-tx-4.3.8.RELEASE.jar | | org.springframework:spring-tx:4.3.8.RELEASE | | 0 | | 15
spring-web-4.3.8.RELEASE.jar | | org.springframework:spring-web:4.3.8.RELEASE | | 0 | | 15
spring-webmvc-4.3.8.RELEASE.jar | | org.springframework:spring-webmvc:4.3.8.RELEASE | | 0 | | 16
spring-ws-core-2.4.0.RELEASE.jar | | org.springframework.ws:spring-ws-core:2.4.0.RELEASE | | 0 | | 15
spring-xml-2.4.0.RELEASE.jar | | org.springframework.ws:spring-xml:2.4.0.RELEASE | | 0 | | 15
sshd-core-0.11.0.jar | | org.apache.sshd:sshd-core:0.11.0 | | 0 | | 21
sshd-pam-0.11.0.jar | | org.apache.sshd:sshd-pam:0.11.0 | | 0 | | 17
tomcat-embed-core-8.5.14.jar | cpe:/a:apache:tomcat:8.5.14 | org.apache.tomcat.embed:tomcat-embed-core:8.5.14 | High | 4 | HIGHEST | 16
tomcat-embed-el-8.5.14.jar | | org.apache.tomcat.embed:tomcat-embed-el:8.5.14 | | 0 | | 17
tomcat-jdbc-8.5.14.jar | | org.apache.tomcat:tomcat-jdbc:8.5.14 | | 0 | | 16
tomcat-juli-8.5.14.jar | | org.apache.tomcat:tomcat-juli:8.5.14 | | 0 | | 17
validation-api-1.1.0.Final.jar | | javax.validation:validation-api:1.1.0.Final | | 0 | | 14
wsdl4j-1.6.3.jar | | wsdl4j:wsdl4j:1.6.3 | | 0 | | 19
xmlschema-core-2.0.1.jar | | org.apache.ws.xmlschema:xmlschema-core:2.0.1 | | 0 | | 16
xmlsec-2.0.8.jar | cpe:/a:apache:xml_security_for_java:2.0.8 | org.apache.santuario:xmlsec:2.0.8 | | 0 | LOW | 25
crash.shell-1.3.2.jar\META-INF/maven/jline/jline/pom.xml | | jline:jline:2.12 | | 0 | | 4
assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib-nodep/pom.xml | | cglib:cglib-nodep:3.2.4 | | 0 | | 4
assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib/pom.xml | | cglib:cglib:3.2.4 | | 0 | | 4

Dependencies

accessors-smart-1.1.jar

Description: Java reflect give poor performance on getter setter an constructor calls, accessors-smart use ASM to speed up those calls.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\accessors-smart-1.1.jar
MD5: b75cda0d7dadff9e6c20f4e7f3c3bc82
SHA1: a527213f2fea112a04c9bdf0ec0264e34104cd08

Identifiers

activation-1.1.jar

Description:  JavaBeans Activation Framework (JAF) is a standard extension to the Java platform that lets you take advantage of standard services to: determine the type of an arbitrary piece of data; encapsulate access to it; discover the operations available on it; and instantiate the appropriate bean to perform the operation(s).

License:

Common Development and Distribution License (CDDL) v1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\activation-1.1.jar
MD5: 8ae38e87cd4f86059c0294a8fe3e0b18
SHA1: e6cb541461c2834bdea3eb920f1884d1eb508b50

Identifiers

android-json-0.0.20131108.vaadin1.jar

Description:    JSON (JavaScript Object Notation) is a lightweight data-interchange format. This is the org.json compatible Android implementation extracted from the Android SDK  

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\android-json-0.0.20131108.vaadin1.jar
MD5: 10612241a9cc269501a7a2b8a984b949
SHA1: fa26d351fe62a6a17f5cda1287c1c6110dec413f

Identifiers

CVE-2016-5696  

Severity: Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:N/I:P/A:P)
CWE: CWE-200 Information Exposure

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

Vulnerable Software & Versions:

CVE-2014-6060  

Severity: Low
CVSS Score: 3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.

Vulnerable Software & Versions:

CVE-2014-1939  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-94 Improper Control of Generation of Code ('Code Injection')

java/android/webkit/BrowserFrame.java in Android before 4.4 uses the addJavascriptInterface API in conjunction with creating an object of the SearchBoxImpl class, which allows attackers to execute arbitrary Java code by leveraging access to the searchBoxJavaBridge_ interface at certain Android API levels.

Vulnerable Software & Versions:

CVE-2013-7372  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-310 Cryptographic Issues

The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache Harmony through 6.0M3, as used in the Java Cryptography Architecture (JCA) in Android before 4.4 and other products, when no seed is provided by the user, uses an incorrect offset value, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging the resulting PRNG predictability, as exploited in the wild against Bitcoin wallet applications in August 2013.

Vulnerable Software & Versions:

CVE-2010-1807  

Severity: High
CVSS Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CWE: CWE-20 Improper Input Validation

WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.

Vulnerable Software & Versions:

antlr-2.7.7.jar

Description:  A framework for constructing recognizers, compilers, and translators from grammatical descriptions containing Java, C#, C++, or Python actions.

License:

BSD License: http://www.antlr.org/license.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\antlr-2.7.7.jar
MD5: f8f1352c52a4c6a500b597596501fc64
SHA1: 83cd2cd674a217ade95a4bb83a8a14f351f48bd0

Identifiers

asm-5.0.3.jar

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\asm-5.0.3.jar
MD5: ccebee99fb8cdd50e1967680a2eac0ba
SHA1: dcc2193db20e19e1feca8b1240dbbc4e190824fa

Identifiers

aspectjweaver-1.8.10.jar

Description: The AspectJ weaver introduces advices to java classes

License:

Eclipse Public License - v 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\aspectjweaver-1.8.10.jar
MD5: 4f965cdc6a8f1731e538492a6f54a20a
SHA1: e198c5fee28988c355f74e06461614eae36b2032

Identifiers

assertj-core-2.6.0.jar

Description: Rich and fluent assertions for testing

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\assertj-core-2.6.0.jar
MD5: 1c7a969eeb11e3dd854a6a5f417f5cf2
SHA1: b532c3fc4f66bcfee4989a3514f1cd56203a33ad

Identifiers

automaton-1.11-8.jar

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\automaton-1.11-8.jar
MD5: 3467dcbbba2fe68a4e07a5826988e034
SHA1: 6ebfa65eb431ff4b715a23be7a750cbc4cc96d0f

Identifiers

bcpkix-jdk15on-1.56.jar

Description: The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\bcpkix-jdk15on-1.56.jar
MD5: 17b2b704b3ad9b36a6fca1ace60a2a06
SHA1: 4648af70268b6fdb24674fb1fd7c1fcc73db1231

Identifiers

bcprov-jdk15on-1.56.jar

Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.8.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\bcprov-jdk15on-1.56.jar
MD5: 3c1bc7aaf3449308e34296546078d9f7
SHA1: a153c6f9744a3e9dd6feab5e210e1c9861362ec7

Identifiers

  • cpe: cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.56   Confidence:LOW   
  • cpe: cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.56   Confidence:LOW   
  • maven: org.bouncycastle:bcprov-jdk15on:1.56   Confidence:HIGHEST

classmate-1.3.3.jar

Description: Library for introspecting types with full generic information including resolving of field and method types.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\classmate-1.3.3.jar
MD5: 85986d1c6a2a58901ab1ca64ff4d8a50
SHA1: 864c8e370a691e343210cc7c532fc198cee460d8

Identifiers

crash.cli-1.3.2.jar

Description: The CRaSH command line interface module

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.cli-1.3.2.jar
MD5: e662250718bdef1d292b3214a4d34414
SHA1: 98101f8591be8612ddd5fec2ae884c3f1026eddc

Identifiers

crash.connectors.ssh-1.3.2.jar

Description: The CRaSH SSH connector

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.connectors.ssh-1.3.2.jar
MD5: 53a418c6a6023b8cd37592e7c9b29867
SHA1: 03705258c976ddc428ad0d72be99bc4f7891c408

Identifiers

crash.embed.spring-1.3.2.jar

Description: The CRaSH Spring integration module

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.embed.spring-1.3.2.jar
MD5: 4145f01d4378327efe25c1bbf6fbce11
SHA1: 6ca5b3cffe798ad4b9b42356b4af179e9f21891e

Identifiers

crash.plugins.cron-1.3.2.jar

Description: TODO

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.plugins.cron-1.3.2.jar
MD5: 78f61398079b02353be6970edf53520e
SHA1: 40a5063e6c930ede0ce1d59baf592b7bdcafb1ff

Identifiers

crash.plugins.mail-1.3.2.jar

Description: This plugin allows to integrate JavaMail in CRaSH and provides a mail command

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.plugins.mail-1.3.2.jar
MD5: 1a68d553c5cb95401103029d95e7a8fa
SHA1: b88f401ff420b678d35328b685e23b7008741633

Identifiers

crash.shell-1.3.2.jar

Description: The Shell module

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.shell-1.3.2.jar
MD5: 4b0fde81235b9d073f21f43618e2cc3c
SHA1: 3bbaaa18968b9c25f850c7f0469cd8fc3fcd0b7e

Identifiers

crash.shell-1.3.2.jar: jansi.dll

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.shell-1.3.2.jar\META-INF\native\windows32\jansi.dll
MD5: 1e56641bb68937f8e2020cbff5d04a08
SHA1: 97f6e12599bb5848867b9762184d055ed918ab2a

Identifiers

  • None

crash.shell-1.3.2.jar: jansi.dll

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.shell-1.3.2.jar\META-INF\native\windows64\jansi.dll
MD5: fd3a20891286c958103f3ea07174cd3c
SHA1: 829195c9e338d5725cf304ae33fc209db53884eb

Identifiers

  • None

cron4j-2.2.5.jar

Description: cron4j is a scheduler for the Java platform which is very similar to the UNIX cron daemon.

License:

GNU General Lesser Public License (LGPL) version 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\cron4j-2.2.5.jar
MD5: 27e8255edb875a3aba695d1f9432244f
SHA1: da0dd0edee48b570cd1e23895e0ac80e09eb272b

Identifiers

dom4j-1.6.1.jar

Description: dom4j: the flexible XML framework for Java

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94

Identifiers

generex-1.0.2.jar

Description: Generex A Java Library for regex to Strings generation

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\generex-1.0.2.jar
MD5: a832db42f9e1c4f76930f547f6f80998
SHA1: b378f873b4e8d7616c3d920e2132cb1c87679600

Identifiers

groovy-2.4.10.jar

Description: Groovy: A powerful, dynamic language for the JVM

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\groovy-2.4.10.jar
MD5: b0baf2f6560e5612df90aad8881a2099
SHA1: 6bc353efef93c44bac017e44542d822f0886b861

Identifiers

CVE-2016-6497  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features

main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP API allows attackers to conduct LDAP entry poisoning attacks by leveraging setting returnObjFlag to true for all search methods.

Vulnerable Software & Versions:

guava-20.0.jar

Description:  Guava is a suite of core and expanded libraries that include utility classes, google's collections, io classes, and much much more. Guava has only one code dependency - javax.annotation, per the JSR-305 spec.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\guava-20.0.jar
MD5: f32a8a2524620dbecc9f6bf6a20c293f
SHA1: 89507701249388e1ed5ddcf8c41f4ce1be7831ef

Identifiers

hamcrest-core-1.3.jar

Description:  This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0

Identifiers

hamcrest-library-1.3.jar

Description:  Hamcrest library of matcher implementations.

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hamcrest-library-1.3.jar
MD5: 110ad2ea84f7031a1798648b6b318e79
SHA1: 4785a3c21320980282f9f33d0d1264a69040538f

Identifiers

hibernate-commons-annotations-5.0.1.Final.jar

Description: Common reflection code used in support of annotation processing

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hibernate-commons-annotations-5.0.1.Final.jar
MD5: 2a9d6f5a4ece96557bc4300ecc4486fb
SHA1: 71e1cff3fcb20d3b3af4f3363c3ddb24d33c6879

Identifiers

hibernate-core-5.0.12.Final.jar

Description: The core O/RM functionality as provided by Hibernate

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hibernate-core-5.0.12.Final.jar
MD5: 226c1afa3e0a7213400b0fd55d6f3b61
SHA1: e58bf1c660e6706d8e2cbb53bae110f574366102

Identifiers

hibernate-entitymanager-5.0.12.Final.jar

Description: Hibernate O/RM implementation of the JPA specification

License:

GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hibernate-entitymanager-5.0.12.Final.jar
MD5: bd685c02dd805104726721411207e885
SHA1: 302a526f5058290e9cbd719a5caf9f248d344719

Identifiers

hibernate-jpa-2.1-api-1.0.0.Final.jar

Description: Clean-room definition of JPA APIs intended for use in developing Hibernate JPA implementation. See README.md for details

License:

Eclipse Public License (EPL), Version 1.0: http://www.eclipse.org/legal/epl-v10.html
Eclipse Distribution License (EDL), Version 1.0: http://www.eclipse.org/org/documents/edl-v10.php
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hibernate-jpa-2.1-api-1.0.0.Final.jar
MD5: 01b091825023c97fdfd6d2bceebe03ff
SHA1: 5e731d961297e5a07290bfaf3db1fbc8bbbf405a

Identifiers

hibernate-validator-5.3.5.Final.jar

Description: Hibernate's Bean Validation (JSR-303) reference implementation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\hibernate-validator-5.3.5.Final.jar
MD5: bd241d9104768ad5ef698d58534c0bce
SHA1: 0622a9bcef2eed6d41b5b8e0662c36212009e375

Identifiers

jackson-annotations-2.8.0.jar

Description: Core annotations used for value types, used by Jackson data binding package.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jackson-annotations-2.8.0.jar
MD5: 288e6537849f0c63e76409b515c4fbe4
SHA1: 45b426f7796b741035581a176744d91090e2e6fb

Identifiers

CVE-2016-7051  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-918 Server-Side Request Forgery (SSRF)

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.

Vulnerable Software & Versions:

jackson-core-2.8.8.jar

Description: Core Jackson abstractions, basic JSON streaming API implementation

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jackson-core-2.8.8.jar
MD5: f85e0e9af65d644d909fe2d6acc0e64c
SHA1: d478fb6de45a7c3d2cad07c8ad70c7f0a797a020

Identifiers

CVE-2016-7051  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-918 Server-Side Request Forgery (SSRF)

XmlMapper in the Jackson XML dataformat component (aka jackson-dataformat-xml) before 2.7.8 and 2.8.x before 2.8.4 allows remote attackers to conduct server-side request forgery (SSRF) attacks via vectors related to a DTD.

Vulnerable Software & Versions:

jandex-2.0.0.Final.jar

Description: Parent POM for JBoss projects. Provides default project build configuration.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jandex-2.0.0.Final.jar
MD5: a76f6c70f99b5d9c6cd14180df0b6df1
SHA1: 3e899258936f94649c777193e1be846387ed54b3

Identifiers

javassist-3.21.0-GA.jar

Description:  Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation simple. It is a class library for editing bytecodes in Java.

License:

MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html
LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html
Apache License 2.0: http://www.apache.org/licenses/
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\javassist-3.21.0-GA.jar
MD5: 3dba2305f842c2891df0a0926e18bcfa
SHA1: 598244f595db5c5fb713731eddbb1c91a58d959b

Identifiers

javax.mail-1.5.6.jar

Description: JavaMail API

License:

https://glassfish.java.net/public/CDDL+GPL_1_1.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\javax.mail-1.5.6.jar
MD5: 5e6a70a6deed03bbbae6322af632b34c
SHA1: ab5daef2f881c42c8e280cbe918ec4d7fdfd7efe

Identifiers

javax.transaction-api-1.2.jar

Description: Project GlassFish Java Transaction API

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\javax.transaction-api-1.2.jar
MD5: 2dfee184286530e726ad155816e15b4c
SHA1: d81aff979d603edd90dcd8db2abc1f4ce6479e3e

Identifiers

jboss-logging-3.3.1.Final.jar

Description: The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jboss-logging-3.3.1.Final.jar
MD5: 93cf8945ff84aaf9f0ed9a76991338fb
SHA1: c46217ab74b532568c0ed31dc599db3048bd1b67

Identifiers

jcl-over-slf4j-1.7.25.jar

Description: JCL 1.2 implemented over SLF4J

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jcl-over-slf4j-1.7.25.jar
MD5: 56b22adc639b09b2e917f42d68b26600
SHA1: f8c32b13ff142a513eeb5b6330b1588dcb2c0461

Identifiers

jpam-1.1.jar

Description:  Jpam is a Java-PAM bridge. PAM, or Pluggable Authentication Modules, is a standard security architecture used on Linux, Solaris, HP-UX, Mac OS X and other Unix systems.

License:

The Apache Software License, Version 2.0: http://jpam.sourceforge.net/LICENSE.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jpam-1.1.jar
MD5: f0459c2d72cc35f947bac690729a32a2
SHA1: cb3d91c2dfda767518a371dbb02edfd6a4aa0600

Identifiers

json-path-2.2.0.jar

Description: Java port of Stefan Goessner JsonPath.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\json-path-2.2.0.jar
MD5: 98ec1b51b19c21a32845ba3498df6629
SHA1: 22290d17944bd239fabf5ac69005a60a7ecbbbcb

Identifiers

json-smart-2.2.1.jar

Description:  JSON (JavaScript Object Notation) is a lightweight data-interchange format. It is easy for humans to read and write. It is easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON is a text format that is completely language independent but uses conventions that are familiar to programmers of the C-family of languages, including C, C++, C#, Java, JavaScript, Perl, Python, and many others. These properties make JSON an ideal data-interchange language.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\json-smart-2.2.1.jar
MD5: 4c82c537eb0ba92adad494283711cc11
SHA1: 5b9e5df7a62d1279b70dc882b041d249c4f0b002

Identifiers

jsonassert-1.4.0.jar

Description: A library to develop RESTful but flexible APIs

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jsonassert-1.4.0.jar
MD5: 5d8b0cc1089c3dc08214f86a873d895b
SHA1: 9cdbb373a06f6513e51e8c545ee6a5e981463edb

Identifiers

jul-to-slf4j-1.7.25.jar

Description: JUL to SLF4J bridge

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\jul-to-slf4j-1.7.25.jar
MD5: ab28124cb05fec600f2ffe37b94629e0
SHA1: 0af5364cd6679bfffb114f0dec8a157aaa283b76

Identifiers

junit-4.12.jar

Description: JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\junit-4.12.jar
MD5: 5b38c40c97fbd0adee29f91e60405584
SHA1: 2973d150c0dc1fefe998f834810d68f278ea58ec

Identifiers

log4j-over-slf4j-1.7.25.jar

Description: Log4j implemented over SLF4J

License:

Apache Software Licenses: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\log4j-over-slf4j-1.7.25.jar
MD5: fb818c7981d842875905587a61f2b942
SHA1: a87bb47468f47ee7aabbd54f93e133d4215769c3

Identifiers

logback-core-1.1.11.jar

Description: logback-core module

License:

http://www.eclipse.org/legal/epl-v10.html, http://www.gnu.org/licenses/old-licenses/lgpl-2.1.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\logback-core-1.1.11.jar
MD5: cc7a8deacd26b0aa2668779ce2721c0f
SHA1: 88b8df40340eed549fb07e2613879bf6b006704d

Identifiers

mina-core-2.0.7.jar

Description: Apache MINA is a network application framework which helps users develop high performance and highly scalable network applications easily. It provides an abstract event-driven asynchronous API over various transports such as TCP/IP and UDP/IP via Java NIO.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\mina-core-2.0.7.jar
MD5: f4e43e7fa0514a9bc88968d64a6322d8
SHA1: c878e2aa82de748474a624ec3933e4604e446dec

Identifiers

mockito-core-1.10.19.jar

Description: Mock objects library for java

License:

The MIT License: http://github.com/mockito/mockito/blob/master/LICENSE
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\mockito-core-1.10.19.jar
MD5: c1967f0a515c4b8155f62478ec823464
SHA1: e8546f5bef4e061d8dd73895b4e8f40e3fe6effe

Identifiers

mysql-connector-java-5.1.41.jar

Description: MySQL JDBC Type 4 driver

License:

The GNU General Public License, Version 2: http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\mysql-connector-java-5.1.41.jar
MD5: eb844eb8920b73aebe8b89d06a6a648b
SHA1: b0878056f15616989144d6114d36d3942321d0d1

Identifiers

CVE-2014-0437  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2014-0412  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2014-0402  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.

CVE-2014-0401  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.

CVE-2014-0393  

Severity: Low
CVSS Score: 3.3 (AV:N/AC:L/Au:M/C:N/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.

CVE-2014-0386  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.

CVE-2014-0001  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server version string.

CVE-2013-5908  

Severity: Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.

CVE-2013-3808  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.

CVE-2013-3804  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2013-3802  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.

CVE-2013-2392  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2013-2391  

Severity: Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.

CVE-2013-2389  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2013-2378  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

CVE-2013-1555  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.

CVE-2013-1552  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVE-2013-1548  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.

CVE-2013-1521  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.

CVE-2013-1506  

Severity: Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.

CVE-2013-1492  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.

CVE-2013-0389  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2013-0385  

Severity: Medium
CVSS Score: 6.6 (AV:L/AC:L/Au:N/C:C/I:C/A:N)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.

CVE-2013-0384  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.

CVE-2013-0383  

Severity: Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.

CVE-2013-0375  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.

CVE-2012-5627  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management

Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.

CVE-2012-5060  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

CVE-2012-3197  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.

CVE-2012-3180  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-3177  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.

CVE-2012-3173  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.

CVE-2012-3167  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.

CVE-2012-3166  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2012-3163  

Severity: High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.

CVE-2012-3160  

Severity: Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.

CVE-2012-3158  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.

CVE-2012-3150  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-2749  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.

CVE-2012-2102  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.

CVE-2012-1734  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-1705  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-1703  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.

CVE-2012-1702  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.

CVE-2012-1697  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.

CVE-2012-1696  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-1690  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.

CVE-2012-1689  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.

CVE-2012-1688  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.

CVE-2012-0882  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.

CVE-2012-0583  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.

CVE-2012-0574  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.

CVE-2012-0572  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.

CVE-2012-0553  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.

CVE-2012-0540  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.

CVE-2012-0492  

Severity: Low
CVSS Score: 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.

CVE-2012-0490  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.

CVE-2012-0485  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.

CVE-2012-0484  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.

CVE-2012-0120  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.

CVE-2012-0119  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

CVE-2012-0118  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.

CVE-2012-0116  

Severity: Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CVE-2012-0115  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

CVE-2012-0114  

Severity: Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.

CVE-2012-0113  

Severity: Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.

CVE-2012-0112  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.

CVE-2012-0102  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.

CVE-2012-0101  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.

CVE-2012-0087  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.

CVE-2012-0075  

Severity: Low
CVSS Score: 1.7 (AV:N/AC:H/Au:M/C:N/I:P/A:N)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.

CVE-2011-2262  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.

CVE-2010-3840  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.

CVE-2010-3839  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.

CVE-2010-3838  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."

CVE-2010-3837  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.

CVE-2010-3836  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.

CVE-2010-3835  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors

MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.

CVE-2010-3834  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."

CVE-2010-3833  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."

CVE-2010-3683  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.

CVE-2010-3682  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.

CVE-2010-3681  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.

CVE-2010-3680  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.

CVE-2010-3679  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.

CVE-2010-3678  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.

Vulnerable Software & Versions:

CVE-2010-3677  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors

Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.

Vulnerable Software & Versions:

CVE-2010-3676  

Severity: Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)

storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.

Vulnerable Software & Versions:

CVE-2010-2008  

Severity: Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation

MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.

Vulnerable Software & Versions:

CVE-2010-1850  

Severity: Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to execute arbitrary code via a COM_FIELD_LIST command with a long table name.

Vulnerable Software & Versions:

CVE-2010-1849  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)

The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by sending a large number of packets that exceed the maximum length.

Vulnerable Software & Versions:

CVE-2010-1848  

Severity: Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
CWE: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 allows remote authenticated users to bypass intended table grants to read field definitions of arbitrary tables, and on 5.1 to read or delete content of arbitrary tables, via a .. (dot dot) in a table name.

Vulnerable Software & Versions:

CVE-2010-1626  

Severity: Low
CVSS Score: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.

Vulnerable Software & Versions:

CVE-2010-1621  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.

Vulnerable Software & Versions:

CVE-2009-5026  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.

Vulnerable Software & Versions:

CVE-2008-4098  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')

MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL home data directory. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4097.

Vulnerable Software & Versions:

CVE-2008-2079  

Severity: Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls

MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.

Vulnerable Software & Versions:

CVE-2008-0226  

Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.

Vulnerable Software & Versions:

objenesis-2.1.jar

Description: A library for instantiating Java objects

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\objenesis-2.1.jar
MD5: 32ccb1d20a42b5aaaceb90c9082a2efa
SHA1: 87c0ea803b69252868d09308b4618f766f135a96

Identifiers

slf4j-api-1.7.25.jar

Description: The slf4j API

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\slf4j-api-1.7.25.jar
MD5: caafe376afb7086dcbee79f780394ca3
SHA1: da76ca59f6a57ee3102f8f9bd9cee742973efa8a

Identifiers

slf4j-nop-1.7.25.jar

Description: SLF4J NOP Binding

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\slf4j-nop-1.7.25.jar
MD5: cd6179c6efe79f6033d3ca013481aaf5
SHA1: 8c7708c79afec923de8957b7d4f90177628b9fcd

Identifiers

snakeyaml-1.17.jar

Description: YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\snakeyaml-1.17.jar
MD5: ab621c3cee316236ad04a6f0fe4dd17c
SHA1: 7a27ea250c5130b2922b86dea63cbb1cc10a660c

Identifiers

spring-aop-4.3.8.RELEASE.jar

Description: Spring AOP

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-aop-4.3.8.RELEASE.jar
MD5: 5deeeecf0dfd3f9847818a6b1deecb7d
SHA1: 2ee7e60f8838bff13c5def48fab571ab10553e5d

Identifiers

spring-aspects-4.3.8.RELEASE.jar

Description: Spring Aspects

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-aspects-4.3.8.RELEASE.jar
MD5: 840fac1b13468236a8f3bf7aef6c7b68
SHA1: 3db6b9e840cebde1edc08069d7edc6d03e7e682c

Identifiers

spring-beans-4.3.8.RELEASE.jar

Description: Spring Beans

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-beans-4.3.8.RELEASE.jar
MD5: 7c96285cc326b14a5d1aae925bf121f3
SHA1: 9d39133bb80e13d643bfefd731fe86cab3aa2bd7

Identifiers

spring-boot-1.5.3.RELEASE.jar

Description: Spring Boot

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-1.5.3.RELEASE.jar
MD5: 36bbf6aff3f56046cf4f8ac9373886be
SHA1: 5fedde3489afd5dbd82f9122aaec4c9f6da3d564

Identifiers

spring-boot-actuator-1.5.3.RELEASE.jar

Description: Spring Boot Actuator

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-actuator-1.5.3.RELEASE.jar
MD5: 1af39c61c8ff6bbfbf5e65d9d75a78f6
SHA1: 8c5ac2ccbdfb9a286b37b6c2b8df3d222bffce01

Identifiers

spring-boot-autoconfigure-1.5.3.RELEASE.jar

Description: Spring Boot AutoConfigure

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-autoconfigure-1.5.3.RELEASE.jar
MD5: ed9fd89f47a140124a5e2b6d07517dd9
SHA1: b2b4d4a704f039bf22787cc412b1dd34741821fc

Identifiers

spring-boot-starter-1.5.3.RELEASE.jar

Description: Core starter, including auto-configuration support, logging and YAML

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-1.5.3.RELEASE.jar
MD5: dbed0cb5ae026c536bebed50af82b417
SHA1: 03b966d5e3d422474b7af2e73ae0d371ae02718b

Identifiers

spring-boot-starter-actuator-1.5.3.RELEASE.jar

Description: Starter for using Spring Boot's Actuator which provides production ready features to help you monitor and manage your application

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-actuator-1.5.3.RELEASE.jar
MD5: 27236ef57733bd24d3a6157d5261f0c0
SHA1: f7e3a01f09675d19c53eb60ac48d78d1ff62e5cc

Identifiers

spring-boot-starter-aop-1.5.3.RELEASE.jar

Description: Starter for aspect-oriented programming with Spring AOP and AspectJ

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-aop-1.5.3.RELEASE.jar
MD5: 09eb38091a05ca1cfd3e3bbd2bf2802c
SHA1: 7e75f8ddc608c7aecf944b90888a18c884178371

Identifiers

spring-boot-starter-data-jpa-1.5.3.RELEASE.jar

Description: Starter for using Spring Data JPA with Hibernate

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-data-jpa-1.5.3.RELEASE.jar
MD5: b1947aa4964379985683f4ca915eafd1
SHA1: 67f1d0cc0fdeb20595c54ce3340f048fe3b6f67f

Identifiers

CVE-2016-6652  

Severity: Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 (Gosling SR6) and 1.10.x before 1.10.4 (Hopper SR4), when used with a repository that defines a String query using the @Query annotation, allows attackers to execute arbitrary JPQL commands via a sort instance with a function call.

Vulnerable Software & Versions:

spring-boot-starter-jdbc-1.5.3.RELEASE.jar

Description: Starter for using JDBC with the Tomcat JDBC connection pool

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-jdbc-1.5.3.RELEASE.jar
MD5: a84774d638e02f02389da93edb7f69ff
SHA1: 8f1cdf7364558dd808e575c5815dd1ceaa99bcc5

Identifiers

spring-boot-starter-logging-1.5.3.RELEASE.jar

Description: Starter for logging using Logback. Default logging starter

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-logging-1.5.3.RELEASE.jar
MD5: 4fdfab90d61678a550e75ba40b2d080e
SHA1: ae7f1d938755553b228dd7a7f98aebb0a683c099

Identifiers

spring-boot-starter-mail-1.5.3.RELEASE.jar

Description: Starter for using Java Mail and Spring Framework's email sending support

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-mail-1.5.3.RELEASE.jar
MD5: 5b2ecf992a8eb846606a60b891015483
SHA1: f6f5d95f49bdbc36088cf5f7e7c02320b6fdad18

Identifiers

spring-boot-starter-remote-shell-1.5.3.RELEASE.jar

Description: Starter for using the CRaSH remote shell to monitor and manage your application over SSH. Deprecated since 1.5

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-remote-shell-1.5.3.RELEASE.jar
MD5: cdedeba71703cc51c8066903037490cc
SHA1: 92914bef695950bdbdb92df35d11ccd637e1501d

Identifiers

spring-boot-starter-security-1.5.3.RELEASE.jar

Description: Starter for using Spring Security

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-security-1.5.3.RELEASE.jar
MD5: 10a002cb70047d1b4753f0de0a6f3f1a
SHA1: f814211730a1925389ffa5c033d30d249435fc99

Identifiers

spring-boot-starter-test-1.5.3.RELEASE.jar

Description: Starter for testing Spring Boot applications with libraries including JUnit, Hamcrest and Mockito

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-test-1.5.3.RELEASE.jar
MD5: 7ef4b12d43a48dce7b86854f8de6ed82
SHA1: c04072c6637e9a7798ef152dc04581d2644b56ed

Identifiers

spring-boot-starter-tomcat-1.5.3.RELEASE.jar

Description: Starter for using Tomcat as the embedded servlet container. Default servlet container starter used by spring-boot-starter-web

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-tomcat-1.5.3.RELEASE.jar
MD5: 4c04660aad3543b38622a2f66e4591a1
SHA1: 1b71416805e0bbf6885ee65aae440adbad0afe60

Identifiers

spring-boot-starter-web-1.5.3.RELEASE.jar

Description: Starter for building web, including RESTful, applications using Spring MVC. Uses Tomcat as the default embedded container

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-web-1.5.3.RELEASE.jar
MD5: cd4d64d2f32ae9193f5ec080fbba51a7
SHA1: 37469baf2a75a9d2230391a5038f49d4018d2bcc

Identifiers

spring-boot-starter-web-services-1.5.3.RELEASE.jar

Description: Starter for using Spring Web Services

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-starter-web-services-1.5.3.RELEASE.jar
MD5: 1bfe9a7d704cb48b7ac846463dd5e69b
SHA1: 9465d5ccc939e6fbdbb0af822f5414be7b0d4979

Identifiers

spring-boot-test-1.5.3.RELEASE.jar

Description: Spring Boot Test

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-test-1.5.3.RELEASE.jar
MD5: 9116aa5363615823c80f90902eaeebd1
SHA1: ad57d8bacb4fc147ded7c99806f8693855f5fe29

Identifiers

spring-boot-test-autoconfigure-1.5.3.RELEASE.jar

Description: Spring Boot Test Auto-Configure

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-boot-test-autoconfigure-1.5.3.RELEASE.jar
MD5: 09e9393f9f2316ba70df15eb64e2488e
SHA1: b0469a036d8c23f1d48e1a5bf9c0443ef2aa0fc3

Identifiers

spring-context-4.3.8.RELEASE.jar

Description: Spring Context

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-context-4.3.8.RELEASE.jar
MD5: 7512e2be5a2ef287b6625ea13ead6c37
SHA1: 944073ac58ab78b78a7694d2c53d4ae9f634c815

Identifiers

spring-context-support-4.3.8.RELEASE.jar

Description: Spring Context Support

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-context-support-4.3.8.RELEASE.jar
MD5: bb0d3fa3133c4a3d98f10838e86c7f54
SHA1: d86cbaa600b1be941a2fb146003e3029a8738577

Identifiers

spring-core-4.3.8.RELEASE.jar

Description: Spring Core

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-core-4.3.8.RELEASE.jar
MD5: 6cfb77086005e125dff38f180c90f093
SHA1: cce6c251249e48f0a86aa578c2a0e262efa5a1e0

Identifiers

  • cpe: cpe:/a:pivotal:spring_framework:4.3.8   Confidence:LOW   
  • cpe: cpe:/a:pivotal_software:spring_framework:4.3.8   Confidence:LOW   
  • cpe: cpe:/a:springsource:spring_framework:4.3.8   Confidence:LOW   
  • cpe: cpe:/a:vmware:springsource_spring_framework:4.3.8   Confidence:LOW   
  • maven: org.springframework:spring-core:4.3.8.RELEASE   Confidence:HIGHEST

spring-data-commons-1.13.3.RELEASE.jar

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-data-commons-1.13.3.RELEASE.jar
MD5: ba49322acc61dcd574f0277a3dd3fd76
SHA1: f8be49f9564b7b8736d8f1ebb55bbf4997c29514

Identifiers

spring-data-jpa-1.11.3.RELEASE.jar

Description: Spring Data module for JPA repositories.

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-data-jpa-1.11.3.RELEASE.jar
MD5: b924f0004504065af93052de1bd4356b
SHA1: 32394b68dd3eb580ace408c0c8b886601cc88288

Identifiers

spring-expression-4.3.8.RELEASE.jar

Description: Spring Expression Language (SpEL)

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-expression-4.3.8.RELEASE.jar
MD5: 4f2642b43ef001ec3007f28fc6cd7c51
SHA1: 0204f7e241f42f46b16baa3d190752703efd7797

Identifiers

spring-jdbc-4.3.8.RELEASE.jar

Description: Spring JDBC

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-jdbc-4.3.8.RELEASE.jar
MD5: a1c0a06703b1382dd6dea40fb364cbcb
SHA1: 55b84eaa488b3659dae971573aad35fe6f549011

Identifiers

spring-orm-4.3.8.RELEASE.jar

Description: Spring Object/Relational Mapping

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-orm-4.3.8.RELEASE.jar
MD5: d749ea43cca9eccf9900341c45a6127e
SHA1: 347119fc607f2a6261abb253a41c85caf4cef8ad

Identifiers

spring-oxm-4.3.8.RELEASE.jar

Description: Spring Object/XML Marshalling

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-oxm-4.3.8.RELEASE.jar
MD5: 5bb9a40a20603a1499deb44a50ab4e35
SHA1: 65ba0d05277ea25e166a493508ed13b3fd7c7e10

Identifiers

spring-security-config-4.2.2.RELEASE.jar

Description: spring-security-config

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-security-config-4.2.2.RELEASE.jar
MD5: 859edb82d48ca25dd6eb2eac59f0dc94
SHA1: 1129e18946a6af408f96e4e0c42c4313f6e191b4

Identifiers

spring-security-core-4.2.2.RELEASE.jar

Description: spring-security-core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-security-core-4.2.2.RELEASE.jar
MD5: 9958bd7002555ba4e5442a476b79a860
SHA1: b4797b71d9f7d1a4b76b5d095ac20868369a8c31

Identifiers

spring-security-web-4.2.2.RELEASE.jar

Description: spring-security-web

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-security-web-4.2.2.RELEASE.jar
MD5: fc8b61267f30fdb06cfa45420a81899e
SHA1: 632c66fc1c826748f64867689c6688765db593c9

Identifiers

spring-test-4.3.8.RELEASE.jar

Description: Spring TestContext Framework

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-test-4.3.8.RELEASE.jar
MD5: afa8fa874accdaf421dc0e8248f162a7
SHA1: 37e3896fb1d3fa08235224b1a7528f806de717cc

Identifiers

spring-tx-4.3.8.RELEASE.jar

Description: Spring Transaction

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-tx-4.3.8.RELEASE.jar
MD5: 9893898aca284fbf988721958ea98531
SHA1: 7d84a40ac7eb8548aa67b8a3ae89baa8a5eb39a0

Identifiers

spring-web-4.3.8.RELEASE.jar

Description: Spring Web

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-web-4.3.8.RELEASE.jar
MD5: 8832270a6cc79dece124263cbe8b1bb7
SHA1: ec1b675c2e234b0c776d36ed56c691520030026f

Identifiers

spring-webmvc-4.3.8.RELEASE.jar

Description: Spring Web MVC

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-webmvc-4.3.8.RELEASE.jar
MD5: 9b21dcf2dfc179ffcf26d3b6a0636870
SHA1: 7a00452c350de0fb80ecbcecfb8ce0145c46141e

Identifiers

spring-ws-core-2.4.0.RELEASE.jar

Description: Spring WS Core

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-ws-core-2.4.0.RELEASE.jar
MD5: 4e6805a1b0ed9a595442911792661d2e
SHA1: b4c17b5a17f14927efb389edfa0cc7f3fb0ff65b

Identifiers

spring-xml-2.4.0.RELEASE.jar

Description: Spring XML

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\spring-xml-2.4.0.RELEASE.jar
MD5: 3c25c380815b4407b1f4627e7765db92
SHA1: 48edff3499a74c6c0e14f27139a4cb934711d022

Identifiers

sshd-core-0.11.0.jar

Description: The Apache Software Foundation provides support for the Apache community of open-source software projects. The Apache projects are characterized by a collaborative, consensus based development process, an open and pragmatic software license, and a desire to create high quality software that leads the way in its field. We consider ourselves not simply a group of projects sharing a server, but rather a community of developers and users.

License:

http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\sshd-core-0.11.0.jar
MD5: 6c8555dcb7c31b8e24bdd43ab674c681
SHA1: 450da44553c98805ca6bb5709cad54df4acb802a

Identifiers

sshd-pam-0.11.0.jar

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\sshd-pam-0.11.0.jar
MD5: 7152732150fca60156ccb53f081ad1d9
SHA1: b939ceb742cefc1c632132111b8e4facc41b3d38

Identifiers

tomcat-embed-core-8.5.14.jar

Description: Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\tomcat-embed-core-8.5.14.jar
MD5: 2e7be3ef2d5347ef9719d16454019ec4
SHA1: 7ce577af04cadd7ab4b36f71503fc688d5d52ccf

Identifiers

CVE-2017-6056  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-19 Data Handling

It was discovered that a programming error in the processing of HTTPS requests in the Apache Tomcat servlet and JSP engine may result in denial of service via an infinite loop. The denial of service is easily achievable as a consequence of backporting a CVE-2016-6816 fix but not backporting the fix for Tomcat bug 57544. Distributions affected by this backporting issue include Debian (before 7.0.56-3+deb8u8 and 8.0.14-1+deb8u7 in jessie) and Ubuntu.

Vulnerable Software & Versions:

CVE-2017-5664  

Severity: Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-254 Security Features

The error page mechanism of the Java Servlet Specification requires that, when an error occurs and an error page is configured for the error that occurred, the original request and response are forwarded to the error page. This means that the request is presented to the error page with the original HTTP method. If the error page is a static file, expected behaviour is to serve content of the file as if processing a GET request, regardless of the actual HTTP method. The Default Servlet in Apache Tomcat 9.0.0.M1 to 9.0.0.M20, 8.5.0 to 8.5.14, 8.0.0.RC1 to 8.0.43 and 7.0.0 to 7.0.77 did not do this. Depending on the original request this could lead to unexpected and undesirable results for static error pages including, if the DefaultServlet is configured to permit writes, the replacement or removal of the custom error page. Notes for other user provided error pages: (1) Unless explicitly coded otherwise, JSPs ignore the HTTP method. JSPs used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method. (2) By default, the response generated by a Servlet does depend on the HTTP method. Custom Servlets used as error pages must ensure that they handle any error dispatch as a GET request, regardless of the actual method.

Vulnerable Software & Versions:

CVE-2016-6325  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, JBoss Web Server 3.0, and JBoss EWS 2 uses weak permissions for (1) /etc/sysconfig/tomcat and (2) /etc/tomcat/tomcat.conf, which allows local users to gain privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

CVE-2016-5425  

Severity: High
CVSS Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
CWE: CWE-264 Permissions, Privileges, and Access Controls

The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, CentOS, Oracle Linux, and possibly other Linux distributions uses weak permissions for /usr/lib/tmpfiles.d/tomcat.conf, which allows local users to gain root privileges by leveraging membership in the tomcat group.

Vulnerable Software & Versions:

tomcat-embed-el-8.5.14.jar

Description: Core Tomcat implementation

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\tomcat-embed-el-8.5.14.jar
MD5: 6d38635ee4c9b16687cd2c8f6e67a4f9
SHA1: 9e8a7cd67420d9857dbc62f84a3082c2a4b4b3eb

Identifiers

tomcat-jdbc-8.5.14.jar

Description: Tomcat JDBC Pool Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\tomcat-jdbc-8.5.14.jar
MD5: 005102c347c15437bb4b63cb78d14b4b
SHA1: 1303e59a4b69dd126454132cf6f6bc2d0fbd90ec

Identifiers

tomcat-juli-8.5.14.jar

Description: Tomcat Core Logging Package

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\tomcat-juli-8.5.14.jar
MD5: fc6328950fe10cf775ffe35690ec770c
SHA1: dbd351147d692d88107a780a932646af2258fc5d

Identifiers

validation-api-1.1.0.Final.jar

Description:  Bean Validation API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\validation-api-1.1.0.Final.jar
MD5: 4c257f52462860b62ab3cdab45f53082
SHA1: 8613ae82954779d518631e05daa73a6a954817d5

Identifiers

wsdl4j-1.6.3.jar

Description: Java stub generator for WSDL

License:

CPL: http://www.opensource.org/licenses/cpl1.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\wsdl4j-1.6.3.jar
MD5: cfc28d89625c5e88589aec7a9aee0208
SHA1: 6d106a6845a3d3477a1560008479312888e94f2f

Identifiers

xmlschema-core-2.0.1.jar

Description: Commons XMLSchema is a light weight schema object model that can be used to manipulate or generate XML schema.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\xmlschema-core-2.0.1.jar
MD5: b7f3197aebdcf95fa429e1c0e4c6f086
SHA1: e9f802631794bd9f8ad90c4234b50440dfbdb21e

Identifiers

xmlsec-2.0.8.jar

Description:  Apache XML Security for Java supports XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002, and XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002. As of version 1.4, the library supports the standard Java API JSR-105: XML Digital Signature APIs.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\xmlsec-2.0.8.jar
MD5: 36c15473b98fe58bd9d3ee88c555a849
SHA1: f5995bd4cd75816568c3b26d2552d957316ba8dc

Identifiers

crash.shell-1.3.2.jar\META-INF/maven/jline/jline/pom.xml

License:

The BSD License: http://www.opensource.org/licenses/bsd-license.php
File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\crash.shell-1.3.2.jar\META-INF/maven/jline/jline/pom.xml
MD5: c115487107302a4d8b15dfe918a3ee92
SHA1: c360defa993e6b59531e23966a89415c3db54848

Identifiers

  • maven: jline:jline:2.12   Confidence:HIGH

assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib-nodep/pom.xml

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib-nodep/pom.xml
MD5: 425b3e01685d013cbc5b431afc582104
SHA1: 3d0aad1cd07c4754588acbdb8561e367e457cc1d

Identifiers

  • maven: cglib:cglib-nodep:3.2.4   Confidence:HIGH

assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib/pom.xml

File Path: C:\Users\Danilo\Desktop\jarovi\alternateLocation\assertj-core-2.6.0.jar\META-INF/maven/cglib/cglib/pom.xml
MD5: 072045d2914c647e8e37e8c4b387aaf0
SHA1: 23e1de8e375b571cb6c40ef93f04578abc23dfcb

Identifiers

  • maven: cglib:cglib:3.2.4   Confidence:HIGH


This report contains data retrieved from the National Vulnerability Database.